National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Guidelines for When No PP Exists
9800 Savage Road, STE 6940, Ft. Meade, MD 20755-6940
Phone: (410) 854-4458 Fax: (410) 854-6615
E-mail: [email protected]
http://www.niap-ccevs.org/
Introduction
NIAP is developing a suite of Protection Profiles in conjunction with end users, vendors, test labs,
academia and international Common Criteria partners for various technologies. Within the Common
Criteria Recognition Arrangement, NIAP will participate in the development of collaborative Protection
Profiles. Both NIAP PPs and international collaborative PPs are suitable for mutually-recognized CC
evaluations. As more PPs are developed, most products will be of a technology type for which a PP
exists.
However, it is recognized that not every product is able to be evaluated against existing PPs. Because
NIAP will only accept products for evaluation against Protection Profiles (i.e. Security Target-based
evaluations are not accepted within NIAP), this guidance explains options for vendors and end users
when a suitable Protection Profile is not available for certain products.
NIAP takes several factors into consideration if a vendor or end user requires a product to be evaluated,
but no PP is available for that technology type. In all cases, NIAP should be contacted directly to discuss
a way forward for each specific situation. If no PP is published relevant to the product’s technology, the
following considerations apply:

• When a relevant PP is in development or planned:
   o NIAP recommends the end user and vendor participate in the Technical Community to
     develop the PP, and submit the product for evaluation immediately upon publication of
     the PP. Participation in the Technical Community gives participants insights into the PP
     requirements and assurance activities. It also allows vendors to position their product
     for evaluation immediately upon publication of the PP.
   o If evaluation is required by a customer immediately and the PP is not complete, NIAP
     will work with the end user to mitigate risks associated with (temporary) installation of
     an unevaluated product until the PP is published. In this case, upon publication of the
     PP, the product must be submitted by the vendor for evaluation.

• If there is no PP in development or planned, NIAP will work with the end user and/or vendor to
  determine whether a Common Criteria evaluation is necessary and will provide alternatives for
  the product security use case requirements.